Abstract :
CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify the types of weakness that lead to security bugs. It assigns a unique identifier to each weakness type, such as buffer overruns or cross-site scripting bugs (for example, CWE-327 is "Use of a Broken or Risky Cryptographic Algorithm"). Shortly after the CWE/SANS Top 25 list's release, Microsoft published a document entitled "The Microsoft SDL and the CWE/SANS Top 25" to explain how Microsoft's security development processes help prevent the worst offenders on the list (http://blogs.msdn.com/sdl/archive/2009/01/27/sdl-and-the-cwe-sans-top-25.aspx).
Keywords :
security of data; National Cyber Security Division; US Department of Homeland Security; common weakness enumeration; software security; Computer bugs; Encoding; Forgery; MySpace; Operating systems; Protection; Security; Social network services; Storage area networks; Wire; Basic training; CWE; SDL; software development lifecycle; vulnerabilities